With the number of security breaches increasing every day, relying on usernames and passwords alone to secure users' accounts is no longer an option. It has become necessary to add additional layers of security to filter out unauthorized users. Multi-factor authentication (MFA)—a method in which user identities are verified with authentication methods like Google Authenticator and biometrics—makes this possible.
With ADSelfService Plus' Endpoint MFA feature enabled, users have to authenticate themselves in two successive stages to access their Windows machines. The first level of authentication is through something they know: their usual Windows credentials. The second level of authentication—something they have—can be through one of the following:
Implementing MFA during Windows logins ensures that there is no risk to sensitive data, even in cases where passwords are compromised. This means that even if unauthorized users gain access to a user's password, they still need access to the user's phone or email to get the verification code. Moreover, the SMS and email-based verification codes as well as the authentication codes from Duo Security and RSA SecurID are unique to each user. These codes can only be used once and will expire if they aren't used within a certain period of time.
When Windows Logon MFA is enabled, it adds MFA to all local and remote Windows login attempts.
ADSelfService Plus supports Windows Logon MFA for the following operating systems:
Figure 1: How Windows Logon MFA works.
With Windows Logon MFA, ADSelfService Plus provides improved security to your users' endpoints, securing them against potential security threats. As it is unlikely that Windows MFA will have to be enabled for all users in a domain, ADSelfService Plus also offers you the ability to configure MFA based on domain, OU, or group membership.